From: SAMARTH (samarth_04@hotmail.com)
Date: Sun Dec 16 2007 - 19:22:19 ART
Atif,
Your configuration on R2 for the tunnel is wrong, I assume that it's the
spoke, and I see that you have already given static routes along with
distance for manipulation.
Best Wishes,
C SAMARTH
CCIE #18535
CCSP CCNP CCNA
MCSE MCSD SCSA1
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tarun Pahuja
Sent: Sunday, December 16, 2007 9:55 PM
To: atif raees
Cc: ccielab@groupstudy.com
Subject: Re: DMVPN Multihomed(Hus & Spokes)with Loopback interfaces Help
Require
Atif,
In a DMVPN network, if you plan on using loopbacks as tunnel source,
they must be reachable. You can accomplish this either by using a routing
protocol(NBMA) or static routes(Internet).
HTH,
Tarun
On 12/17/07, atif raees <atifraees@hotmail.com> wrote:
>
> Dear All
>
> I am testing DMVPN with Hub & spoke connectivity.
> hub connects to the SP using redundant link for fail over so as the Spoke
> redundant link to SP.
> I have used Loopbacks on both sites.
>
> Problem is i need to add two static route pointing remote loop back with
> each
> next hop physical interface so that my tunnels can go up & failover.
> i there any way to eliminate the static routes b/c at HUB site then i will
> need to use static route for each spoke sites.
>
> Below is the config (R1 Hub connects to R2 spoke)
>
> R1:
>
> crypto isakmp policy 10
> hash md5
> authentication pre-share
> crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
> !
> !
> crypto ipsec transform-set strong esp-3des esp-md5-hmac
> !
> crypto ipsec profile cisco
> set security-association lifetime seconds 120
> set transform-set strong
> !
> !
> !
> !
> !
> !
> interface Tunnel0
> ip address 10.10.1.1 255.255.255.0
> no ip redirects
> ip mtu 1440
> ip nhrp authentication cisco123
> ip nhrp map multicast dynamic
> ip nhrp network-id 1
> ip ospf network broadcast
> tunnel source Loopback1
> tunnel mode gre multipoint
> tunnel key 0
> tunnel protection ipsec profile cisco
> !
> interface Loopback0
> ip address 10.1.1.1 255.255.255.255
> !
> interface Loopback1
> ip address 1.1.1.1 255.255.255.0
> !
> interface FastEthernet0/0
> ip address 192.168.1.1 255.255.255.252
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> ip address 192.168.2.1 255.255.255.252
> duplex auto
> speed auto
> !
> interface Serial1/0
> ip address 172.16.10.1 255.255.255.252
> encapsulation ppp
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/1
> ip address 172.16.11.1 255.255.255.252
> encapsulation ppp
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/2
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/3
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> router ospf 1
> log-adjacency-changes
> network 10.1.1.0 0.0.0.255 area 0
> network 10.10.1.0 0.0.0.255 area 0
> !
> ip http server
> no ip http secure-server
> !
> ip route 2.2.2.2 255.255.255.255 192.168.1.2
> ip route 2.2.2.2 255.255.255.255 172.16.10.2 254
> __________________________________________________
>
> R2:
>
> crypto isakmp policy 10
> hash md5
> authentication pre-share
> crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
> !
> !
> crypto ipsec transform-set strong esp-3des esp-md5-hmac
> !
> crypto ipsec profile cisco
> set security-association lifetime seconds 120
> set transform-set strong
> !
> !
> !
> !
> !
> !
> interface Tunnel0
> ip address 10.10.1.2 255.255.255.0
> no ip redirects
> ip mtu 1440
> ip nhrp authentication cisco123
> ip nhrp map multicast dynamic
> ip nhrp map 10.10.1.1 1.1.1.1
> ip nhrp map multicast 1.1.1.1
> ip nhrp network-id 1
> ip nhrp nhs 10.10.1.1
> ip ospf network broadcast
> tunnel source Loopback1
> tunnel destination 1.1.1.1
> tunnel key 0
> tunnel protection ipsec profile cisco
> !
> interface Loopback0
> ip address 10.2.2.2 255.255.255.255
> !
> interface Loopback1
> ip address 2.2.2.2 255.255.255.0
> !
> interface FastEthernet0/0
> ip address 192.168.1.2 255.255.255.252
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> no ip address
> shutdown
> duplex auto
> speed auto
> !
> interface Serial1/0
> ip address 172.16.10.2 255.255.255.252
> encapsulation ppp
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/1
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/2
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/3
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> router ospf 1
> log-adjacency-changes
> network 10.2.2.0 0.0.0.255 area 0
> network 10.10.1.0 0.0.0.255 area 0
> !
> ip http server
> no ip http secure-server
> !
> ip route 1.1.1.1 255.255.255.255 192.168.1.1
> ip route 1.1.1.1 255.255.255.255 172.16.10.1 254
>
>
> Regards
>
> Atif Raees
> Mobile# 92-333-2346241
>
>
> _________________________________________________________________
> Share life as it happens with the new Windows Live.
>
>
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_122007
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:31 ARST